W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2015

Proposed W3C CG - The Extended Web

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Wed, 22 Apr 2015 17:43:34 +0200
Message-ID: <5537C1A6.8080905@gmail.com>
To: "public-web-security@w3.org" <public-web-security@w3.org>
CC: public-webapps <public-webapps@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
https://www.w3.org/community/blog/2015/04/19/proposed-group-the-extended-web-community-group/

Since the CG description is free from "political" stuff, I included it here :-)

Most of the things exposed in the system-level (native) APIs of Android, iOS, Windows, etc. could indeed be provided in web-browsers.  However, the cost and time that this would take as well as the ever-increasing speed of native OS and related hardware developments make this unrealistic except for a rather modest set of well-scoped APIs.  It has also proven to be considerably harder dealing with untrusted web-code than originally thought.

"The Extended Web CG" is about *COMBINING the power of the two worlds* which is a bit nicer than the current "Platform War" (which like regular wars doesn't really make anybody happy).

To achieve that, The Extended Web CG is dedicated developing a *secure link* between the Open [untrusted] Web and the Native [trusted] layer, independently of how the latter is expressed.  The current idea is building on an *enhanced version* of Chrome's Native Messaging:
http://www.cnet.com/news/google-paves-over-hole-left-by-chrome-plug-in-ban/
http://blog.chromium.org/2013/10/connecting-chrome-apps-and-extensions.html

The single most important feature of Native Messaging is that it offers *a way for third-parties to innovate* in areas ranging from Secure Web-payments to Streaming Media-services as well as one-of-a-kind vendor-specific solutions like Remote Diagnostics for PCs.

FWIW, it seems that the core concept (talking securely with a web-page), could, and with relative ease (fingers crossed...), also include mobile devices connected to a web-page through an NFC/Bluetooth(BLE) "combo" link:
https://cyberphone.github.io/openkeystore/resources/docs/webnfc--web2device-bridge.pdf
A defensive publication has recently been submitted for this proposal.

Anders Rundgren
convener/"firestarter"

https://cyberphone.github.io/openkeystore/resources/docs/web2native-bridge.pdf
Received on Wednesday, 22 April 2015 15:44:21 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:31 UTC